Presentation is loading. Please wait.

Presentation is loading. Please wait.

A proposal for a Non Repudiation Protocol for epSOS Massimiliano Masi.

Published byAllan Simon Modified over 8 years ago

Similar presentations

Presentation on theme: "A proposal for a Non Repudiation Protocol for epSOS Massimiliano Masi."— Presentation transcript:

1 A proposal for a Non Repudiation Protocol for epSOS Massimiliano Masi

2 Motivation EpSOS D3.7.2 defined the “Non Repudiation Security Service” (section 5.2) – ISO13888 tokens, Non Repudiation of Origin, of Receipt, of Delivery, and of Submission – Technologies indicated where IPSec, TLS, Message Payload Signatures, TTPs, and Audit Trails – To reduce the costs of the initial pilot (2009), “the required acknowledge of every message could be relaxed” (section 7.8.1)

3 Motivation The e-SENS project aims at the definition of Solution Building Blocks (SBB) SBB Interoperable Cross Border and Cross Domain (not only eHealth) SBB Guaranteed to be sustainable through CEF Existing LSP (such as epSOS) can use the e- SENS BB to enhance existing infrastructure

4 Motivation The e-SENS Non Repudiation Task Force defined a per-hop non repudiation protocol using notary services (Trusted Third Parties) Solution is eIDAS compliant Each actor (e.g., NCPs) stores evidence in the database, located in the same security zone of the TRC Issuer Solution: to fulfill the 3.7 requirements by using ATNA (as per 3.4.2) and ETSI REM

5 High Level Overview

6 Country B Message is in transit from B to A (e.g., XCA CrossGatewayRetrieve) – National Infrastructure MAY issue the NRO token (SubmissionAcceptanceRejection, SAR) – The message is received by NCPB, which MUST issue a NRR token (ReceiptNonReceipt, RNR) – NCPB performs internal operations – NCPB MUST issue a NRO token when the message is sent – All the tokens are stored in the Notary Service

7 Country A NCPA receives the message, and it MUST issue a NRR token NCPA performs internal operations NCPA MUST issue a NRO token before sending the new message to the national infrastructure National Infrastructure MAY issue a NRR token

8 Discussion Non Repudiation of message exchange Translation, Transcoding, Security, are not considered If National Infrastructures issues their tokens, there is an additional NRD evidence to be sent to the end-user No storage of documents in NCP No change in the epSOS message flow and message semantics Solution legally stable (eIDAS compliant) Tokens based on ETSI REM and ISO 13888 (under analysis) Highly flexible system through the usage of epSOS Extended Security Safeguard (ESS) XACML-based approach

9 Implementation Implementation is provided by e-SENS – OpenNCP just *INTEGRATES* It is based on the Evidence Emitter ABB Test performed by e-SENS (GITB testing) Gazelle’s test assertions, schema, are already integrated Schematrons are on their way

Download ppt "A proposal for a Non Repudiation Protocol for epSOS Massimiliano Masi."

Similar presentations

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012)

1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM( final) {SWD(2012)
Conclusions from e-Health

Conclusions from e-Health
PART III FULFILMENT OF LEGAL REQUIREMENTS BY ELECTRONICS MEANS.

PART III FULFILMENT OF LEGAL REQUIREMENTS BY ELECTRONICS MEANS.
The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.

The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Functional requirements for non- repudiation in eHealth domain For potential eHealth dispute resolution we need the following (among possible other data):

Functional requirements for non- repudiation in eHealth domain For potential eHealth dispute resolution we need the following (among possible other data):
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, 16.3. – 17.3. 2015.

Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, –
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.

E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.
E-SENS Electronic Simple European Networked Services e-SENS CC5.2 F2F Porto, May 12/13, 2015 SMP & SML Massimiliano Masi.

E-SENS Electronic Simple European Networked Services e-SENS CC5.2 F2F Porto, May 12/13, 2015 SMP & SML Massimiliano Masi.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Trusted Coordination ADAPT Workshop, 11-12 December 03 1 Building Blocks for Trusted Coordination (a status report from the TAPAS project) Santosh Shrivastava.

Trusted Coordination ADAPT Workshop, December 03 1 Building Blocks for Trusted Coordination (a status report from the TAPAS project) Santosh Shrivastava.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Exchange of digitally signed SPSCertificate messages Overview of prototype of digital signature applied to SPSCertificate message between national systems.

Exchange of digitally signed SPSCertificate messages Overview of prototype of digital signature applied to SPSCertificate message between national systems.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.
E-SENS eHealth Use Cases. eHealth Use Cases (Overview) eConfirmation How is a health care provider in MS B able to get an insurance confirmation for a.

E-SENS eHealth Use Cases. eHealth Use Cases (Overview) eConfirmation How is a health care provider in MS B able to get an insurance confirmation for a.

Similar presentations

Ads by Google